Just-In-Time Access (JIT), also known as Zero Standing Privileges (ZSP), reduces privileged-access risk by eliminating permanent (standing) privileges and replacing them with a model in which privileges are granted only as needed, just in time. It applies the principle of least privilege.
Authorized users must 'activate' the specific access level they need, on an as-needed basis, under predefined conditions and within the time frame sanctioned by policy.
Approach
To align with the principle of least privilege, the solution divides a user's access to an application or system into tiers or levels, termed 'Just-In-Time (JIT) Entitlements'.
To gain access to an application or system, a user must submit a request to activate one or more of these JIT Entitlements. Access is therefore granted on a need-to-use basis, as defined by organizational policy, which improves both security and compliance.
Activation Context for Access
Users must state the circumstances that require the activation, such as responding to an incident or executing a change request. The solution integrates with IT Service Management systems, such as ServiceNow, to validate the request and gather the details needed for assessment. It also retrieves the user's profile data, including roles and responsibilities.
The duration of an activation can be limited by the activation-period policy, which uses contextual information such as the anticipated start and end date/time of the incident or change request.
Depending on the activation policy, an Activation Request may either be automatically approved or disapproved, or it may initiate an approval workflow.
Once validated and approved, requested access is activated in near real-time.
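The request-validate-clamp-decide flow described above, as an added illustration that is not the product's own code: a small Python evaluator that checks an activation request against its ticket context (assignee, state, kind) and the user's roles, clamps the activation window to the ticket's anticipated start/end and the policy's maximum duration, and then either auto-approves, denies, or routes the request to an approval workflow. All field names, the policy, and the tickets and users are constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import FrozenSet, Optional


class Decision(Enum):
    AUTO_APPROVED = "auto_approved"
    DENIED = "denied"
    PENDING_APPROVAL = "pending_approval"


@dataclass(frozen=True)
class Ticket:
    """Incident or change record as fetched from an ITSM system (constructed)."""
    ticket_id: str
    kind: str          # "incident" or "change"
    assignee: str
    state: str         # only "open" tickets justify an activation
    start: datetime    # anticipated start of the incident/change window
    end: datetime      # anticipated end of the incident/change window


@dataclass(frozen=True)
class ActivationPolicy:
    """Activation-period policy for one JIT entitlement (hypothetical fields)."""
    entitlement: str
    allowed_roles: FrozenSet[str]
    allowed_contexts: FrozenSet[str]       # ticket kinds that justify activation
    auto_approve_contexts: FrozenSet[str]  # kinds activated without a workflow
    max_duration: timedelta                # hard cap on any single activation


@dataclass(frozen=True)
class ActivationRequest:
    user: str
    roles: FrozenSet[str]      # taken from the user's profile
    entitlement: str
    ticket_id: str             # the activation context
    requested_start: datetime
    requested_end: datetime


@dataclass(frozen=True)
class Activation:
    decision: Decision
    reason: str
    start: Optional[datetime] = None
    end: Optional[datetime] = None


def evaluate(req, policy, tickets, now):
    """Validate the request against its ticket context and the policy,
    clamp the activation window, and return the decision."""
    if req.entitlement != policy.entitlement:
        return Activation(Decision.DENIED, "policy does not cover this entitlement")
    ticket = tickets.get(req.ticket_id)
    if ticket is None:
        return Activation(Decision.DENIED, "unknown ticket")
    if ticket.state != "open":
        return Activation(Decision.DENIED, f"ticket {ticket.ticket_id} is {ticket.state}")
    if ticket.assignee != req.user:
        return Activation(Decision.DENIED, "requester is not assigned to the ticket")
    if ticket.kind not in policy.allowed_contexts:
        return Activation(Decision.DENIED, f"{ticket.kind} is not a valid context")
    if not (req.roles & policy.allowed_roles):
        return Activation(Decision.DENIED, "user role not eligible for entitlement")

    # Window starts no earlier than now or the ticket's start, ends no later than
    # the ticket's end, and never exceeds the policy's maximum duration.
    start = max(req.requested_start, ticket.start, now)
    end = min(req.requested_end, ticket.end, start + policy.max_duration)
    if end <= start:
        return Activation(Decision.DENIED, "no valid activation window")

    if ticket.kind in policy.auto_approve_contexts:
        return Activation(Decision.AUTO_APPROVED, "auto-approved by policy", start, end)
    return Activation(Decision.PENDING_APPROVAL, "routed to approval workflow", start, end)


# --- constructed sample data: not real tickets, users or policies ---
NOW = datetime(2024, 5, 1, 10, 0)
TICKETS = {
    "INC0001": Ticket("INC0001", "incident", "alice", "open",
                      datetime(2024, 5, 1, 9, 30), datetime(2024, 5, 1, 14, 0)),
    "CHG0042": Ticket("CHG0042", "change", "bob", "open",
                      datetime(2024, 5, 2, 2, 0), datetime(2024, 5, 2, 6, 0)),
}
POLICY = ActivationPolicy("prod-db-admin", frozenset({"dba"}),
                          frozenset({"incident", "change"}), frozenset({"incident"}),
                          timedelta(hours=2))
SAMPLE_REQUESTS = {
    "alice_incident": ActivationRequest("alice", frozenset({"dba"}), "prod-db-admin", "INC0001",
                                        datetime(2024, 5, 1, 10, 0), datetime(2024, 5, 1, 16, 0)),
    "bob_change": ActivationRequest("bob", frozenset({"dba"}), "prod-db-admin", "CHG0042",
                                    datetime(2024, 5, 2, 2, 0), datetime(2024, 5, 2, 4, 0)),
    "mallory_incident": ActivationRequest("mallory", frozenset({"dba"}), "prod-db-admin", "INC0001",
                                          datetime(2024, 5, 1, 10, 0), datetime(2024, 5, 1, 11, 0)),
    "alice_wrong_role": ActivationRequest("alice", frozenset({"dev"}), "prod-db-admin", "INC0001",
                                          datetime(2024, 5, 1, 10, 0), datetime(2024, 5, 1, 11, 0)),
}

if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(name, evaluate(req, POLICY, TICKETS, NOW))
```

Note that alice's six-hour request against the open incident is auto-approved but clamped to two hours by the policy cap, bob's change-window request is valid yet goes to a workflow because changes are not in the auto-approve set, and a requester who is not the ticket assignee or lacks an eligible role is denied before any window is computed.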
Reference Implementation
– Role Studio (JIT Role)
– My Access (JIT Access and Activations)